From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pdm-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 09E761FF15E
	for <inbox@lore.proxmox.com>; Mon, 10 Nov 2025 16:24:56 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 3B16C1A166;
	Mon, 10 Nov 2025 16:25:41 +0100 (CET)
Mime-Version: 1.0
Date: Mon, 10 Nov 2025 16:25:36 +0100
Message-Id: <DE54BADAVY89.37E74ODJRXPQU@proxmox.com>
From: =?utf-8?q?Michael_K=C3=B6ppl?= <m.koeppl@proxmox.com>
To: "Proxmox Datacenter Manager development discussion"
 <pdm-devel@lists.proxmox.com>
Cc: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com>
X-Mailer: aerc 0.21.0
References: <20251105163546.450094-1-h.laimer@proxmox.com>
 <20251105163546.450094-5-h.laimer@proxmox.com>
In-Reply-To: <20251105163546.450094-5-h.laimer@proxmox.com>
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1762788314607
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.038 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pdm-devel] [PATCH proxmox v2 4/4] pve-api-types: regenerate
X-BeenThere: pdm-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Datacenter Manager development discussion
 <pdm-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pdm-devel>, 
 <mailto:pdm-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pdm-devel/>
List-Post: <mailto:pdm-devel@lists.proxmox.com>
List-Help: <mailto:pdm-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel>, 
 <mailto:pdm-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Datacenter Manager development discussion
 <pdm-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pdm-devel-bounces@lists.proxmox.com
Sender: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com>

While testing this, I noticed that for many of the structs defined here
(ClusterFirewallOptions, NodeFirewallOptions, etc.), the default values
do not match with the default values defined in the documentation (see
[0] and [1]). Didn't go through each of them to check, but when looking
at what the PDM UI displays compared to the PVE UI if the firewall
hasn't been explicitly configured, many of the values differ (e.g.
ebtables).

[0] https://pve.proxmox.com/pve-docs/chapter-pve-firewall.html#pve_firewall_cluster_wide_setup
[1] https://pve.proxmox.com/pve-docs/chapter-pve-firewall.html#pve_firewall_host_specific_configuration

On Wed Nov 5, 2025 at 5:35 PM CET, Hannes Laimer wrote:
> +            type: String,
> +        },
> +        policy_forward: {
> +            optional: true,
> +            type: FirewallFWPolicy,
> +        },
> +        policy_in: {
> +            optional: true,
> +            type: FirewallIOPolicy,
> +        },
> +        policy_out: {
> +            optional: true,
> +            type: FirewallIOPolicy,
> +        },
> +    },
> +)]
> +/// Object.
> +#[derive(Debug, serde::Deserialize, serde::Serialize)]
> +pub struct ClusterFirewallOptions {
> +    /// Enable ebtables rules cluster wide.
> +    #[serde(deserialize_with = "proxmox_serde::perl::deserialize_bool")]
> +    #[serde(default, skip_serializing_if = "Option::is_none")]
> +    pub ebtables: Option<bool>,
> +
> +    /// Enable or disable the firewall cluster wide.
> +    #[serde(deserialize_with = "proxmox_serde::perl::deserialize_u64")]
> +    #[serde(default, skip_serializing_if = "Option::is_none")]
> +    pub enable: Option<u64>,
> +
> +    /// Log ratelimiting settings
> +    #[serde(default, skip_serializing_if = "Option::is_none")]
> +    pub log_ratelimit: Option<String>,
> +
> +    #[serde(default, skip_serializing_if = "Option::is_none")]
> +    pub policy_forward: Option<FirewallFWPolicy>,
> +
> +    #[serde(default, skip_serializing_if = "Option::is_none")]
> +    pub policy_in: Option<FirewallIOPolicy>,
> +
> +    #[serde(default, skip_serializing_if = "Option::is_none")]
> +    pub policy_out: Option<FirewallIOPolicy>,
> +}


_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel